LISTING OF THE CLAIMS 
1-28. (canceled) 

29. (previously presented) A system for filtering packets comprising: 

a filtering database comprising layered rule tables, wherein each rule table applies to a 
respective protocol element of a packet and comprises a protocol element locator and a default 
rule; and 

a packet filtering engine coupled to the filtering database for filtering said packets using 
at least one rule table in the filtering database. 

30. (canceled) 

3 1 . (previously presented) The system for filtering packets in claim 29 wherein each rule 
table further comprises at least one filtering rule. 

32. (original) The system for filtering packets in claim 31 wherein the at least one filtering 
rule comprises a statistics counter. 

33. (previously presented) The system for filtering packets in claim 29 wherein the protocol 
element locator comprises an offset and a mask for selecting a protocol element of a packet. 

34. (original) The system for filtering packets in claim 29 wherein the protocol element 
locator further comprises a table timer and statistics counters. 

35. (previously presented) The system for filtering packets in claim 29 wherein the packet 
filtering engine further comprises: 

a packet buffer for storing packets; 

a protocol element locator buffer for storing the protocol element locator; and 
a rule evaluator for receiving a packet from the packet buffer and applying at least one 
rule table to the packet. 
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36 (original) The system of claim 29 wherein the packet filtering engine is coupled to 
receive a packet prototype modifying the filtering database. 

37. (currently amended) The system for filtering packets in claim 29 wherein the system is 
coupled to receive a packet prototype for determining a table or rule part of the filtering 
database to be modified in the filtering databas e. 

38-46. (canceled) 

47. (previously presented) A system for filtering packets comprising: 
a packet buffer for storing packets; 

a protocol element locator for indicating a protocol element in a packet; 

a filtering database comprising layered tables of rules, each rule table applying to a 
respective protocol element of a packet and comprising the protocol element locator and at least 
one rule to be applied to the protocol element in the packet; and 

a rule evaluator having a first input coupled to the packet buffer for using the protocol 
element locator to determine a protocol element from the packet and for applying at least one 
rule table to the protocol element. 

48. (original) The system for filtering packets in claim 47 wherein each rule table comprises 
at least one filtering rule and at least one default rule to be applied to the protocol element 
indicated by the protocol element locator. 

49. (original) The system for filtering packets in claim 47 further comprising a processor 
interface for receiving a packet prototype, said packet prototype to be used in modifying the 
filtering database. 

50-54. (canceled) 

55. (previously presented) A method for filtering packets in a system comprising a filtering 
database containing layered tables of rule tables, the method comprising the steps of: 
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selecting a protocol element from a packet; 

accessing a unique rule table in said layered tables of rule tables corresponding to the 
selected protocol element; said rule table comprising at least one filtering rule; and 
applying the at least one filtering rule to the selected protocol element. 

56. (original) The method of claim 55 wherein the step of selecting a protocol element further 
comprises the substeps of: 

obtaining a protocol element locator from the rule table in the filtering database; and 
applying the protocol element locator to the packet to select the protocol element from 
the packet. 

57. (original) The method of claim 55 wherein the step of applying the at least one filtering 
rule comprises the substep of: 

determining whether the selected protocol element is less than or equal to an upper 

bound. 

58. (original) The method of claim 55 wherein the step of applying the at least one filtering 
rule comprises the substep of: 

determining whether the selected protocol element is great than or equal to a lower 

bound. 

59. (original) The method of claim 55 further comprising the step of receiving a packet 
prototype for modifying the filtering database. 

60-62. (canceled) 

63. (previously presented) A system for modifying a filtering database comprising: 

a packet prototype for determining a location to be modified in the filtering database, and 
a filtering engine for receiving the packet prototype from an external software source and 

for modifying the location determined by the packet prototype. 
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64. (original) The system of claim 63 wherein the packet prototype comprises: 

at least one protocol element descriptor having an upper bound and a lower bound, 
wherein said lower bound and said upper bound are used to point to a location in the filtering 
database. 

65-71. (canceled) 

72. (previously presented) An apparatus for filtering packets comprising: 

a plurality of protocol element locators such that each protocol element locator selects 
one of a plurality of protocol elements from a packet; 

a plurality of rule tables, each rule table corresponding to a respective protocol element; 

and 

a default rule and a filtering action for each rule table. 

73. (previously presented) The apparatus of claim 72 wherein each rule table further 
comprises at least one filtering rule. 

74. (previously presented) The apparatus of claim 73 wherein the filtering rule comprises a 
pointer to another rule table. 

75. (previously presented) The apparatus of claim 73 wherein the filtering rule comprises a 
statistics counter. 

76. (previously presented) The apparatus of claim 72 wherein the protocol element locator 
specifies an offset and a mask for selecting a protocol element from a packet. 

77. (previously presented) A system for filtering packets comprising: 
a static storage device; 

a filtering database comprising a protocol element locator for selecting one of a plurality 
of protocol elements from a packet, a plurality of rale tables, wherein each rule table has a 
corresponding protocol element and a default rule; and 
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a packet filtering engine coupled to the filtering database, the filtering engine to filter 
packets using the rule table. 

78. (previously presented) The system of claim 77 wherein the filtering database further 
comprises at least one filtering rule for each rule table. 

79. (previously presented) The system of claim 77 wherein the filtering rule comprises a 
pointer to another rule table. 

80. (previously presented) The system of claim 78 wherein the filtering rule comprises a 
statistics counter. 

8 1 . (previously presented) The system of claim 77 wherein the protocol element locator 
comprises an offset and a mask for selecting the protocol element of the packet. 

82. (previously presented) The system of claim 77 wherein the protocol element locator 
further comprises a table timer and statistics counters. 

83. (previously presented) The system of claim 77 wherein the filtering engine further 
comprises: 

a packet buffer for storing packets; 

a protocol element locator buffer for storing the protocol element locator; and 
a rule evaluator for receiving the packet from the packet buffer and applying at least rule 
table to the packet. 
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